Messaging Thread Boundaries and Authenticated Principal
My application is currently leveraging Spring Security's global-method-security to control access on various service methods within our application as such:
Code:
<global-method-security>
    <protect-pointcut expression="execution(* com.mycompany.*Example1Service.*(..))"
                      access="ROLE_USER1"/>
    <protect-pointcut expression="execution(* com.mycompany.*Example2Service.*(..))"
                      access="ROLE_USER2"/>
    ...
</global-method-security>
I need to keep the access controls on the service methods, and not on the message channels themselves.
What's the best way to set an authenticated principal using Spring Security's SecurityContext so it can be applied to all aspects throughout the context of a single messaging sequence within the application container?
Right now I am setting the authenticated principal during the 1st step of the messaging sequence [i.e. SecurityContext.setAuthentication(<authenticatedToken>)], but I am unsure of the thread boundaries within my messaging sequence. Currently, all messages are passing through only DirectChannels, but I feel certain I will need to add Publish/Subscribe channels as well.
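An added example, not part of the original post, showing where the thread boundary sits: SecurityContextHolder keeps the context in a thread-local by default, so a step invoked on the sender's thread (as a DirectChannel does) sees the principal, while a step handed to an executor does not unless the context is carried across. It assumes Spring Security 3.2 or later on the classpath; the class name ThreadBoundaryDemo, the principal "alice" and the currentPrincipal() helper are constructed for illustration.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.concurrent.DelegatingSecurityContextExecutorService;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

public class ThreadBoundaryDemo {

    // Hypothetical stand-in for a secured service method:
    // reports which principal the current thread is running as.
    static String currentPrincipal() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth == null ? "<none>" : auth.getName();
    }

    public static void main(String[] args) throws Exception {
        // First step of the sequence: bind a constructed, already-authenticated token.
        Authentication token = new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER1"));
        SecurityContextHolder.getContext().setAuthentication(token);

        Callable<String> step = ThreadBoundaryDemo::currentPrincipal;
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            // Same-thread hand-off: the thread-local context is still visible.
            System.out.println("same thread:        " + step.call());

            // Plain executor: the worker thread has its own, empty context,
            // so a method-security check there would find no authentication.
            System.out.println("plain executor:     " + pool.submit(step).get());

            // Wrapping executor: copies the submitter's context onto the worker
            // for the duration of the task and clears it afterwards.
            ExecutorService propagating = new DelegatingSecurityContextExecutorService(pool);
            System.out.println("wrapping executor:  " + propagating.submit(step).get());
        } finally {
            pool.shutdown();
            // Pooled threads are reused; never leave a principal bound to one.
            SecurityContextHolder.clearContext();
        }
    }
}
```

The same reasoning applies to any channel configured with a task executor: the pointcut-protected service method is evaluated on whichever thread finally invokes it.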